How BYOD will shape wireless network security in 2012
DESCRIPTION
Presents enterprise network security implications of the BYOD (Bring Your Own Device) revolution.
TRANSCRIPT
How BYOD will shape wireless network security in 2012?
Dr. Hemant Chaskar, Vice President of Technology, AirTight Networks
© 2011 AirTight Networks. All Rights Reserved.
BYOD!
Security?
Why is security a concern with BYOD?
Unauthorized smart phones connecting to enterprise network
Mobile Wi-Fi hotspots bypassing perimeter security
3G
Intrusion threats
Extrusion threats
Rather, IntrAsion – pun intended!
Enterprise Wi-Fi: Not a barrier for employee smartphones
Two steps to connect your smartphone to WPA2, 802.1x Wi-Fi?
1. Look up username and password in Wi-Fi utility on laptop.
2. Enter those in your personal smartphone.
Intrusion threats from personal smartphones
Let us start with malware!
Android malware grew 472% in 2H2011 – says PCMag
Even iOS is not safe once “Jailbroken”
Your sensitive corporate data could finally end up here!
Personal apps reduce productivity, increase risk of data leakage
Limitations of common security practices
MAC ACL
– A lot of initial work, tedious to manage
Mobile Device Management (MDM)
– Required for IT assigned smartphone devices
– But, no visibility into or control over personal devices
IT Assigned Smartphones Personal Smartphones
Wireless Intrusion Prevention Systems (WIPS)
[Diagram labels: Eavesdropping, Unauthorized Access, WPA2, Firewall, Wired IPS, Wi-Phishing, Honeypots, External APs, Cracking, External Users, Rogue AP, Misconfigured AP, Ad hoc Connections, Wireless DoS, WIPS]
WIPS architecture
[Diagram labels: Building A, Building B, Sensor, Sensor, Server]
With this in place, your network is protected from all types of wireless threats, vulnerabilities and attack tools!
WIPS policy enforcement
[Diagram labels: AP Classification (External APs, Rogue APs (On Network), Authorized APs); Client Classification (External Clients, Authorized Clients, Rogue Clients); Policy; Mis-config; DoS; GO; STOP; IGNORE]
AUTOMATICALLY DETECT AND BLOCK RED PATHS!
Smartphone monitoring with WIPS
[Diagram labels: Authorized APs, Authorized Clients, Users, GO]
Flag/block unapproved devices!
Smartphone policy enforcement with WIPS
[Diagram labels: STOP, External APs, Mobile Hotspots, STOP]
User Authentication + Machine Identification
Smart device identification
Device type
Approved/unapproved status
Device/user name
MAC address
Drill down on device details
Accurate location tracking
Block policy for unapproved smart devices
Extrusion threats from personal smartphones
Detect and block authorized clients from connecting to personal mobile hotspots (iPhone MyWi, Android Mobile AP, etc.)
[Diagram labels: Mobile Honeypot, Authorized Client, 3G, Blocked by WIPS, Allowed by WIPS, Authorized AP, Internet]
Key takeaways
• The BYOD revolution creates new security risks due to the use of personal smart devices on enterprise premises
• WIPS uses a combination of device fingerprinting and a policy framework to automatically detect and flag/block unapproved personal smart devices in the network
• WIPS continues to provide comprehensive protection from traditional Wi-Fi security threats such as Rogue APs, Wi-Phishing, ad hoc networks, DoS attacks, device mis-configurations, etc.
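
An added example, not from the original slides and not AirTight's code: a Python rendering of the GO/STOP/IGNORE decision that the policy enforcement and smartphone slides describe, combining AP class, client class and the device's approved/unapproved status. The record fields, the `decide` function and the exact decision matrix are assumptions made for illustration; the sample observations are constructed.

```python
from dataclasses import dataclass

AUTHORIZED, ROGUE, EXTERNAL = "authorized", "rogue", "external"

@dataclass(frozen=True)
class Association:
    """One client-to-AP association as a sensor might report it (hypothetical record)."""
    client_mac: str
    client_class: str          # authorized / rogue / external
    ap_class: str              # authorized / rogue (on network) / external
    device_type: str           # fingerprinting result, e.g. "laptop", "smartphone"
    approved: bool             # approved/unapproved status of the device
    ap_is_hotspot: bool = False

def decide(a: Association) -> tuple[str, str]:
    """Return (action, reason); action is GO, STOP or IGNORE."""
    if a.ap_class == ROGUE:
        return "STOP", "rogue AP attached to the enterprise network"
    if a.ap_class == AUTHORIZED:
        if a.client_class != AUTHORIZED:
            return "STOP", "non-authorized client on an authorized AP"
        if not a.approved:
            # Valid 802.1x user credentials alone are not enough: the device
            # itself must be approved (user authentication + machine identification).
            return "STOP", f"unapproved {a.device_type} on an authorized AP"
        return "GO", "approved device on an authorized AP"
    # Remaining case: external AP (neighbour AP or personal mobile hotspot).
    if a.client_class == AUTHORIZED:
        kind = "mobile hotspot" if a.ap_is_hotspot else "external AP"
        return "STOP", f"authorized client leaving via {kind}"
    return "IGNORE", "neighbour traffic, not ours to police"

# Constructed sample observations (locally administered MAC addresses).
SAMPLES = [
    Association("02:00:00:00:00:01", AUTHORIZED, AUTHORIZED, "laptop", True),
    Association("02:00:00:00:00:02", AUTHORIZED, AUTHORIZED, "smartphone", False),
    Association("02:00:00:00:00:01", AUTHORIZED, EXTERNAL, "laptop", True, True),
    Association("02:00:00:00:00:03", EXTERNAL, EXTERNAL, "smartphone", False),
    Association("02:00:00:00:00:04", EXTERNAL, ROGUE, "laptop", False),
]

def evaluate(samples=SAMPLES):
    """Apply the policy to every observation: (mac, action, reason) per row."""
    return [(s.client_mac, *decide(s)) for s in samples]

if __name__ == "__main__":
    for mac, action, reason in evaluate():
        print(f"{mac}  {action:<6}  {reason}")
```

The second sample is the case from the "Two steps" slide: a personal smartphone that joined with a laptop user's credentials passes user authentication but is stopped on device status.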